kyccost

Independent reference. Not legal or regulatory advice. Consult a qualified compliance specialist for advice specific to your jurisdiction and risk profile. See methodology.

Cutting KYC cost without cutting controls.

Five levers move a fintech KYC budget: risk-based simplified due diligence, perpetual KYC, false-positive reduction, RFP discipline, and risk-mix design. Each reduces duplicated or disproportionate effort, not the standard of due diligence applied to any given customer. The levers are ranked by impact below, followed by a worked before-and-after example.

SDD on the low-risk book | pKYC 60-80% periodic-review saving | RFP discipline 20-40% off published rates

The unit to reduce is effort, not standard.

KYC cost reduction is a proportionality problem, not a discount-hunting one. The largest avoidable costs on a fintech compliance budget come from applying the same depth of due diligence to a low-risk consumer that a high-risk corporate genuinely requires, and from investigating alerts that were never real. Both are removable without lowering the control standard on any individual customer. The FATF framework now says so explicitly: the February 2025 amendment to Recommendation 1 replaced "commensurate" with "proportionate", and the 22 June 2025 financial-inclusion guidance strengthened the language on simplified due diligence from "may decide to allow" to "should allow and encourage" in identified lower-risk situations.

The discipline is to cut where risk is genuinely low and hold or increase spend where it is not. A budget that cuts uniformly across the board is a control failure waiting to surface in a supervisory review. The five levers below are ordered by structural impact, and each one names the line it actually reduces.

Five levers, ranked by impact.

Lever | Reduces | Effect | Basis
Risk-based simplified due diligence (SDD) | Largest structural lever | Cuts screening cycles and ops labour on the low-risk book | FATF February 2025 amendment to Recommendation 1 and the 22 June 2025 financial-inclusion guidance encourage SDD in identified lower-risk situations. Over-uniform CDD across a low-risk consumer book is the most common avoidable cost.
Perpetual KYC (pKYC) | Largest recurring-cost lever | 60-80% labour saving on periodic review | PwC benchmarks 60-80% labour saving on the periodic-review process for institutions that migrate from scheduled refresh to event-driven perpetual KYC. The implementation cost is the offsetting line.
False-positive reduction | Largest ops-labour lever | Each avoided alert is fixed analyst time saved | Legacy monitoring false-positive rates run as high as 95%. Tuning screening thresholds, better data feeds and de-duplication cut the alert volume that drives investigation labour.
Procurement / RFP discipline | Largest vendor-invoice lever | 20-40% off published rates at scale | RFP discipline at the £100,000+ vendor-spend mark routinely returns 20-40% off published per-verification rates. Committed-use volume tiers compound the discount.
Risk-mix design | Largest blended-cost lever | Blended unit cost scales with the EDD share | Moving from a 25% EDD book to a 5% EDD book roughly halves blended fully-loaded cost. Product and onboarding design that avoids unnecessary high-risk segments is a cost decision, not only a risk decision.

Sources: FATF Recommendations (February 2025 amendment) and the 22 June 2025 financial-inclusion guidance; PwC Perpetual KYC: A new approach to periodic reviews; LexisNexis Risk Solutions / Forrester True Cost of Financial Crime Compliance; industry RFP benchmarks. Figures are the same anchors used across this site; see the methodology page.

Lever 1

Risk-based simplified due diligence.

The structural lever. A fintech that runs full CDD, repeated screening cycles and manual review across a predominantly low-risk consumer book is spending disproportionately, and the FATF framework now says as much. A documented risk assessment that supports tiered SDD for the genuinely low-risk segment removes screening cycles and ops labour from the largest part of the book. The risk-assessment and policy work is a real cost line, but it pays back several times over because it applies to the highest-volume segment.

The constraint is that SDD has to be earned by a defensible risk assessment, not assumed. Supervisors are now expected to take into account the risk-mitigation measures a firm has in place and to avoid driving overcompliance from a partial understanding of risk. See the CDD vs EDD page for how each diligence tier costs out, and the geography page for how UK, EU and US regimes treat simplified measures.

Lever 2

Perpetual KYC.

The recurring-cost lever. Scheduled periodic review (annual or biennial refresh of the entire active book) is labour-intensive and largely re-verifies customers whose risk has not changed. Perpetual KYC replaces it with event-driven refresh: the file updates when a trigger fires, not on a calendar. PwC benchmarks a 60-80% labour saving on the periodic-review process for institutions that migrate. For a fintech the absolute saving is roughly £4-£8 per active customer per year.

The offsetting line is implementation: small fintechs spend tens of thousands, mid-sized institutions £100k-£500k, large banks several million. The payback is faster the larger and more corporate the active book, because the periodic-review labour being displaced is greater. The full recurring picture sits on the ongoing cost page.

Lever 3

False-positive reduction.

The ops-labour lever. Ops labour is the largest line vendors do not bear, and most of it is spent investigating alerts that turn out to be noise. Legacy monitoring false-positive rates run as high as 95%, and the same effect appears at onboarding where sanctions, PEP and adverse-media checks generate alerts that are mostly false. Because per-alert investigation time is roughly fixed, cutting the alert volume cuts labour close to one-for-one.

The practical levers are threshold tuning, better-scoped and better-quality data feeds, name-matching configuration, and de-duplication of repeat hits on the same entity. A worked illustration: 100,000 onboardings at a 4% hit rate and £6.50 average investigation cost is £26,000 of pure ops labour before escalations; halving the false-positive rate removes a proportionate share. The false-positive cost page carries the full sizing model.

Lever 4

RFP and procurement discipline.

The vendor-invoice lever. Published vendor pricing pages are pitched at startups and SMEs; scale fintechs almost always negotiate. The asymmetry between published and contracted commercials is one of the larger cost-control levers in compliance procurement. RFP discipline at the £100,000+ vendor-spend mark routinely returns 20-40% off published per-verification rates, and committed-use volume tiers compound the discount further.

The single most useful procurement discipline is to decompose the quote: platform fee, committed-use floor, per-verification rate above commit, and per-feature line items (sanctions data, EDD module, ongoing monitoring) priced separately. A bundled quote routinely hides 15-30% of cost that decomposition surfaces. The provider pricing context page sets out the four pricing structures and the volume-discount mechanics in full.

Worked example: risk-mix and SDD on a 100,000-customer book.

The same arithmetic the per-customer cost page uses: £10 CDD baseline plus a £55 EDD overlay, blended by the EDD share of the book. Moving an over-classified book towards a proportionate risk mix is the cleanest illustration of cost reduction without reduced controls, because the high-risk customers keep their full diligence.

Before: 25% EDD book
CDD baseline (per onboarded) | £10.00
EDD overlay (25% × £55) | £13.75
Blended per customer | £23.75
100,000 onboardings | £2,375,000

After: 5% EDD book (proportionate)
CDD baseline (per onboarded) | £10.00
EDD overlay (5% × £55) | £2.75
Blended per customer | £12.75
100,000 onboardings | £1,275,000

The £1.1M difference is entirely the EDD share. This only counts as cost reduction if the reclassified customers were genuinely low-risk and the change is backed by a documented risk assessment; reclassifying a genuinely high-risk customer to save the overlay is a control failure, not a saving. SDD and false-positive reduction stack on top of this by lowering the CDD baseline itself for the low-risk segment.

What not to cut.

EDD on genuinely high-risk customers.

The overlay exists because source-of-funds review, UBO mapping and senior approval mitigate real exposure. Cutting it on customers who genuinely meet a Regulation 33 trigger is the fastest route to a supervisory finding, not a saving.

Ongoing monitoring on the active book.

Perpetual KYC reduces the labour of monitoring; it does not remove the obligation. Dropping monitoring to hit a budget converts a recurring cost line directly into financial-crime exposure on a book that has already been onboarded.

Sanctions data quality.

Switching to a cheaper screening feed without checking list coverage, update frequency and adverse-media depth trades a small per-cycle saving for a missed-hit risk. The sanctions screening cost page sets out what the data line buys.

KYC cost reduction questions

How can a fintech reduce KYC cost without weakening controls?
The five levers that move the budget without reducing the control standard are: apply risk-based simplified due diligence to the genuinely low-risk book (now explicitly encouraged by the FATF February 2025 amendment and the June 2025 financial-inclusion guidance), migrate to perpetual KYC to cut periodic-review labour by 60-80% (PwC benchmark), reduce false positives so analysts investigate fewer noise alerts, run RFP discipline to take 20-40% off published vendor rates at scale, and design the product so the EDD population is no larger than the risk genuinely requires. None of these lowers the standard of due diligence applied to a given customer; they remove duplicated or disproportionate effort.
Does the FATF 2025 change actually let me spend less on KYC?
It legitimises spending proportionately, which usually means less on the low-risk book. The February 2025 amendment replaced 'commensurate' with 'proportionate' throughout the risk-based-approach guidance, and the 22 June 2025 financial-inclusion guidance strengthened the language on simplified due diligence from 'may decide to allow' to 'should allow and encourage' in identified lower-risk situations. For a fintech that has applied uniform CDD across a predominantly low-risk consumer base, a defensible risk assessment supporting tiered SDD is the single largest avoidable-cost lever. The risk-assessment work is itself a cost line, but it pays back several times over in reduced screening cycles and ops labour.
How much does perpetual KYC save?
PwC benchmarks a 60-80% labour saving on the periodic-review process for institutions that migrate to perpetual KYC (event-driven refresh instead of fixed annual or biennial review). For a fintech the absolute saving is roughly £4-£8 per active customer per year against traditional periodic review. The offsetting line is implementation: small fintechs spend tens of thousands, mid-sized institutions £100k-£500k, large banks several million. The payback period is shorter the larger and more corporate the active book.
Why does false-positive reduction matter so much for cost?
Ops labour is the largest single line vendors do not bear, and most of it is spent investigating alerts that turn out to be noise. Legacy monitoring false-positive rates run as high as 95%, and the same effect appears at onboarding where sanctions, PEP and adverse-media checks generate alerts that are mostly false. Because per-alert investigation time is roughly fixed, cutting the alert volume cuts labour close to one-for-one. Threshold tuning, better-scoped data feeds, and de-duplication of repeat hits are the practical levers. See the false-positive cost page for the sizing model.
Is cutting KYC cost a regulatory risk?
Reducing cost and reducing control are different things, and the regulator cares about the second. Every lever on this page reduces duplicated or disproportionate effort, not the standard of due diligence applied to a given customer. The FATF guidance is explicit that supervisors should avoid driving overcompliance from a partial understanding of risk. The genuine risk is cutting the wrong line: under-screening a high-risk segment, or removing monitoring to hit a budget. The discipline is to cut cost where risk is genuinely low and hold or increase spend where it is not.
What should a fintech not cut to save on KYC?
Do not cut EDD on genuinely high-risk customers, do not remove ongoing monitoring on the active book to hit a budget, and do not switch to a cheaper sanctions data feed without checking list coverage and update frequency. These are the lines where under-spend converts directly into regulatory and financial-crime exposure. The cost-reduction discipline is to spend proportionately, which means redirecting effort away from the low-risk book and towards the high-risk one, not cutting uniformly across the board.

Sources cited on this page

  1. FATF Recommendations (February 2025 amendment to Recommendation 1) · 'commensurate' replaced with 'proportionate'
  2. FATF Guidance on Financial Inclusion and AML/CFT Measures (22 June 2025) · SDD strengthened to 'should allow and encourage' in lower-risk situations
  3. PwC Perpetual KYC: A new approach to periodic reviews · 60-80% labour saving on periodic-review process
  4. LexisNexis Risk Solutions / Forrester True Cost of Financial Crime Compliance · labour-share benchmarks
  5. Money Laundering Regulations 2017 (SI 2017/692) · Regulation 33 EDD triggers
  6. Industry RFP benchmarks 2025 (vendor procurement) · 20-40% off published rates at £100k+ spend

Updated 2026-04-27